Three Russian hackers have been indicted for hacking into the international energy sector, targeting ICS and SCADA systems.
Key Takeaways:
- Three state-sponsored Russian hackers were indicted following cyberattacks on the international energy sector, including oil and gas companies, power plants, and utility and power transmission companies.
- ICS and Supervisory Control and Data Acquisition (SCADA) systems, which are used to control the equipment in energy facilities, were targeted; the compromise of such systems would grant Russia the power to disrupt and impair these systems at any given moment.
- The crusades took place in two parts, first breaching networks to install malware before honing in on individual engineers.
- Malware was hidden in unsuspecting locations, such as routine software updates and commonly visited websites.
- Through supply chain attacks and other methods, over 17,000 devices internationally were affected by malware – including networks in the energy sector with ICS/SCADA systems.
Why it Matters:
- ICS and SCADA systems are particularly vulnerable to this recent string of breaches because the conspirators transitioned to more targeted compromises that focused on specific energy sector entities and individuals and engineers who worked with ICS/SCADA systems.
- Leaving any aspect of your network unprotected opens the door to each of your organization’s devices, so it’s critical to leave no stone unturned in your cybersecurity efforts.
- A cybersecurity firm can provide you with thorough coverage that defends all of your blind spots by detecting your systems’ weaknesses – and once you’ve filled in the gaps, penetration testing and continued training can ensure you’re always protected.
Resources:
- Source: https://www.justice.gov/opa/pr/four-russian-government-employees-charged-two-historical-hacking-campaigns-targeting-critical
- BW’s Vulnerability Assessment and Penetration Testing: https://www.bwcyberservices.com/services/penetration-testing/
- BW’s Enterprise / Custom Training & Phishing: https://www.bwcyberservices.com/services/training-phishing/